How do I prevent session tokens from expiring in the API?

Table of contents

Overview

For all Z-Commerce API calls, save the login() call, you'll need to provide a valid session token to authenticate yourself to the Zuora system. As with any session based authentication, the session token has a certain lifespan, beyond which it expires and is no longer valid. The session token can be retrieved using the login() API call. You have multiple options for managing the session tokens.

The API Client Tracks the Session Token Lifespan

The API client tracks the session token lifespan via a timer set to expire at 10 minutes. Zuora recommends that you use this method.

At the moment of timer expiration, the client logs into Zuora again, getting an updated token. This new token would be used for the next 10 minutes, and so on. The 10 minute timer duration gives a comfortable margin from the minimum Zuora session token expiration of 15 minutes.

The API Client Logs in to Zuora Before Every Call

Having the API client log in to Zuora before every call is the simplest management method. Although it incurs the overhead of another API call, it simplifies the client logic.

The API Client Handles Session Token Expiration Exceptions

When a session token expires, a Zuora API call will throw an authentication exception. The API client can then log in and re-try the call again. This is not recommended, as the exception handling logic unnecessarily complicates the API client.